PT-2026-53065 · Undefined · Undefined
Published
2026-06-27
·
Updated
2026-06-27
·
CVE-2026-49416
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
The CONS HISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller than expected. Subsequent initialization of the buffer wrote beyond the end of the allocation.
An unprivileged local user with access to a vt(4) device can trigger an out-of-bounds write in the kernel, potentially escalating privileges.
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Undefined